(54) AUTHENTICATION COMMUNICATION DEVICE AND AUTHENTICATION COMMUNICATION SYSTEM

(57) An authentication communication system includes a storage medium having an area for storing digital information and an access device for reading/writing digital information from/into the area. The access device authenticates whether the storage medium is authorized according to a challenge-response authentication protocol in which scrambled access information, generated by scrambling the access information which shows the area, is used. The storage medium authenticates whether the access device is authorized. When the access device and the storage medium have authenticated each other as authorized devices, the access device reads/writes digital information from/into the area in the storage medium according to the access information that the storage medium separates from the scrambled access information.
Description

TECHNICAL FIELD 

[0001] The present invention relates to a technique of mutual authentication between a device and a storage medium, performed before digital copyright works are transferred between them.

BACKGROUND ART

[0002] In recent years, as a result of progress in digital information compression techniques and the widespread use of global communication infrastructures such as the Internet, copyright works such as music, images, video, and games are distributed via communication lines to households as digital copyright works.
[0003] In order to establish a distribution system which protects the rights of copyright holders of digital copyright works and the profits of distributors, it is critical to prevent dishonest acts such as acquisition of a digital copyright work by communication interception, wiretapping, impersonation, and duplication and tampering of data received and stored in a storage medium. Therefore, copyright protection techniques such as encryption, authentication for verifying whether a system is authorized, and scrambling of data are needed.
[0004] A variety of copyright protection techniques have been conventionally used. A representative technique is challenge-response mutual authentication. In this technique, when a confidential data storage area storing confidential data which requires copyright protection is accessed, a random number and a response value are exchanged between the devices so that each can authenticate whether the other is authorized. The access is permitted only when the authentication is successful.

[0005] After the mutual authentication has been carried out between the authorized devices, an unauthorized party may impersonate one of the authorized devices and dishonestly acquire confidential data by accessing the confidential data storage area.

DISCLOSURE OF THE INVENTION 


[0006] The present invention has been made in view of these problems. The object of the present invention is to provide an access device, a storage medium, an authentication communication system, an authentication communication method, and a storage medium storing an authentication communication program which prevent the information for accessing a confidential data storage area from being leaked.
[0007] In order to achieve the above object, the present invention is an authentication communication system which is roughly composed of (a) a storage medium having an area for storing digital information and (b) an access device for reading/writing digital information from/into the area, the authentication communication system including: a first authentication phase in which the access device authenticates whether the storage medium is authorized according to a challenge-response authentication protocol by transmitting scrambled access information, generated by scrambling access information which shows the area, to the storage medium; a second authentication phase in which the storage medium authenticates whether the access device is authorized; and a transfer phase in which, when the storage medium and the access device have authenticated each other as authorized devices, the storage medium extracts the access information from the scrambled access information, and the access device reads/writes digital information from/into the area shown by the access information.

[0008] Thereby, when mutual authentication is performed, the information for accessing a confidential data storage area is scrambled before it is transferred. Accordingly, the confidentiality of the information for accessing a confidential data storage area can be improved.

[0009] If the information for accessing a confidential data storage area is changed into different information and transferred by dishonest impersonation, the mutual authentication does not succeed. Therefore, the confidential data storage area can be kept from being accessed.

BRIEF DESCRIPTION OF THE DRAWINGS 
[0010] 

FIG. 1 shows the external appearances of authentication communication systems 30 and 31 as specific example structures of an authentication communication system 100. FIG. 1(a) shows the external appearance of the authentication communication system 30, which is roughly composed of a personal computer and a memory card 20, and FIG. 1(b) shows the external appearance of the authentication communication system 31, which is roughly composed of a personal stereo, the memory card 20, and a headphone;

FIG. 2 is a block diagram showing the constructions of a reader/writer apparatus 10 and the memory card 20 which are included in the authentication communication system 100;

FIG. 3 shows the data structures of access information, a random number seed, and random number access information;

FIG. 4 is a flowchart showing an operation of the authentication communication system 100, in particular assuming that information stored in a memory card is read, which is continued in FIG. 5;

FIG. 5 is the continuation of the flowchart in FIG. 4 showing the operation of the authentication communication system 100;

FIG. 6 is a flowchart showing another operation of the authentication communication system 100, in particular assuming that the reader/writer apparatus 10 is an apparatus for writing information into a memory card;

FIG. 7 is a block diagram of the construction of an authentication communication system 100a as another embodiment;

FIG. 8 is a flowchart showing an operation which is unique to the authentication communication system 100a;

FIG. 9 is a block diagram of the construction of an authentication communication system 100b as another embodiment;

FIG. 10 is a flowchart showing an operation which is unique to the authentication communication system 100b.

BEST MODE FOR CARRYING OUT THE INVENTION 

[0011] An authentication communication system 100 is explained below, as an embodiment of the present invention.



1. External Appearance and Usage Pattern of the Authentication Communication System 100



[0012] The external appearances of authentication communication systems 30 and 31 as specific example constructions of the authentication communication system 100 are shown in FIG. 1(a) and FIG. 1(b).

[0013] As shown in FIG. 1(a), the authentication communication system 30 is roughly composed of a personal computer and a memory card 20. The personal computer includes a display unit, a keyboard, a speaker, a microprocessor, a RAM (Random Access Memory), a ROM (Read Only Memory), and a hard disk unit, and is connected to a network such as the Internet via a communication line. The memory card 20 is inserted into a memory card slot to be loaded into the personal computer.

[0014] As shown in FIG. 1(b), the authentication communication system 31 is roughly composed of a personal stereo, the memory card 20, and a headphone. The memory card 20 is inserted into a memory card slot to be loaded into the personal stereo. The personal stereo is provided with a plurality of operation buttons on the top face, and is connected to the headphone on a side face.

[0015] A user loads the memory card 20 into the personal computer, obtains a digital copyright work such as music from an external Web server via the Internet, and writes the digital copyright work into the memory card 20. The user then loads the memory card 20 storing the digital copyright work into the personal stereo, and enjoys playing back the digital copyright work on the personal stereo.

[0016] Here, authentication according to a challenge-response authentication protocol is performed between the personal computer and the memory card 20, and between the personal stereo and the memory card 20. Only when the devices have mutually authenticated each other is the digital copyright work transferred between them.



2. Construction of the Authentication Communication System 100



[0017] As shown in FIG. 2, the authentication communication system 100 is roughly composed of a reader/writer apparatus 10 and the memory card 20. Here, the reader/writer apparatus 10 corresponds to the personal computer or the personal stereo shown in FIG. 1(a) and (b) respectively.

2.1 Construction of the Reader/Writer Apparatus 10

[0018] The reader/writer apparatus 10 includes an access information storage unit 101, a random number seed storage unit 102, a combination unit 103, a public key storage unit 104, an encryption unit 105, a random number seed update unit 106, a mutual authentication unit 107, a temporary key generation unit 108, an encryption/decryption unit 109, a data storage unit 110, and an input/output unit 111.

[0019] The reader/writer apparatus 10 is equipped with a microprocessor, a RAM, a ROM, and the like. Computer programs are stored in the ROM or the like, and the microprocessor operates in accordance with the computer programs.

(1) Input/Output Unit 111

[0020] The input/output unit 111 accepts a user operation, and generates access information for accessing music information which is stored in a data storage unit 209 of the memory card 20. As shown in FIG. 3, the access information is 32 bits long, and is composed of address information showing an address of an area in the data storage unit 209 in the memory card 20 and size information showing the size of the area. The address information is 24 bits long, and the size information is 8 bits long.

[0021] The input/output unit 111 also reads music information CT from the data storage unit 110, converts the music information CT into an audio signal, and outputs the audio signal.

[0022] In addition, the input/output unit 111 accepts a user operation, obtains music information CT from outside, and writes the music information CT into the data storage unit 110.






(2) Access Information Storage Unit 101

[0023] The access information storage unit 101 is equipped with a semiconductor memory, and includes an area to store the access information.
(3) Random Number Seed Storage Unit 102






[0024] The random number seed storage unit 102 is equipped with a semiconductor memory, and prestores a 64-bit random number seed, shown in FIG. 3. The random number seed is registered when the apparatus is manufactured.

[0025] The random number seed storage unit 102 does not allow direct access from outside. In other words, the random number seed storage unit 102 is protected from outside access.

(4) Combination Unit 103 

[0026] The combination unit 103 reads the access information from the access information storage unit 101 and the random number seed from the random number seed storage unit 102. Next, as shown in FIG. 3, the combination unit 103 combines the access information and the lower 32 bits of the random number seed, to generate 64-bit random number access information in which the access information occupies the upper 32 bits. The combination unit 103 then outputs the random number access information to the encryption unit 105.

(5) Public Key Storage Unit 104

[0027] The public key storage unit 104 is equipped with a semiconductor memory, and includes an area to store a 56-bit public key UK. The reader/writer apparatus 10 secretly obtains the public key UK stored in a public key storage unit 201 of the memory card 20, and the public key storage unit 104 stores the public key UK. Note that, despite its name, the public key UK is a symmetric secret shared by the two devices: it is obtained secretly, held in storage that is protected from outside access, and used as a DES key by both of them, so the authentication is only as strong as the secrecy of UK.

[0028] The public key storage unit 104 does not allow direct access from outside. In other words, the public key storage unit 104 is protected from outside access.

(6) Encryption Unit 105 

[0029] The encryption unit 105 reads the public key UK from the public key storage unit 104, and receives the random number access information from the combination unit 103. Next, the encryption unit 105 encrypts the random number access information according to an encryption algorithm E1 using the public key UK, to generate encrypted access information R1. Here, the encryption unit 105 uses DES (Data Encryption Standard) for the encryption algorithm E1.
[0030] The encryption unit 105 then outputs the encrypted access information R1 to the mutual authentication unit 107, the random number seed update unit 106, and the temporary key generation unit 108. The encryption unit 105 also outputs the encrypted access information R1 to a decryption unit 205, a mutual authentication unit 207, and a temporary key generation unit 208 in the memory card 20.

[0031] The encrypted access information R1 generated in this way is the scrambled information obtained by scrambling the access information.



(7) Random Number Seed Update Unit 106

[0032] The random number seed update unit 106 receives the encrypted access information R1 from the encryption unit 105, and writes the encrypted access information R1 over the random number seed stored in the random number seed storage unit 102 as a new random number seed.

(8) Mutual Authentication Unit 107

[0033] The mutual authentication unit 107 receives the encrypted access information R1, reads the public key UK from the public key storage unit 104, and calculates a response value V2' by evaluating Expression 1 using the encrypted access information R1 and the public key UK.

(Expression 1) V2'=F1(R1,UK)=SHA(R1+UK)

[0034] Here, the function F1(a,b) is, for example, a function which combines a and b and subjects the result of the combination to SHA (Secure Hash Algorithm). Also, "+" is the operator denoting combination.

[0035] The mutual authentication unit 107 receives a response value V2 from the mutual authentication unit 207.

[0036] The mutual authentication unit 107 then judges whether the response values V2 and V2' match. When they do not match, the mutual authentication unit 107 judges that the memory card 20 is an unauthorized device and prohibits the other construction elements from executing the subsequent operations. When they match, on the other hand, the mutual authentication unit 107 authenticates the memory card 20 as an authorized device and permits the other construction elements to execute the subsequent operations.
[0037] Also, the mutual authentication unit 107 receives a random number R2 from a random number generation unit 204, calculates a response value V1 by evaluating Expression 2 using the random number R2 and the public key UK, and outputs the response value V1 to the mutual authentication unit 207.

(Expression 2) V1=F2(R2,UK)=SHA(R2+UK)



(9) Temporary Key Generation Unit 108



[0038] The temporary key generation unit 108 receives, when the memory card 20 has been authenticated as an authorized device and the operation is permitted, the encrypted access information R1 and the random number R2, and generates a temporary key VK by evaluating Expression 3 using the encrypted access information R1 and the random number R2.

(Expression 3) VK=F3(R1,R2)=SHA(R1+R2)

[0039] The temporary key generation unit 108 then outputs the temporary key VK to the encryption/decryption unit 109.

(10) Encryption/Decryption Unit 109

[0040] The encryption/decryption unit 109 receives the temporary key VK from the temporary key generation unit 108.

[0041] The encryption/decryption unit 109 receives encrypted music information EncCT from an encryption/decryption unit 210, decrypts the encrypted music information EncCT according to a decryption algorithm D3 using the temporary key VK to obtain music information CT, and writes the music information CT into the data storage unit 110.

[0042] Here, the encryption/decryption unit 109 uses DES for the decryption algorithm D3.
[0043] The encryption/decryption unit 109 also reads music information CT from the data storage unit 110, encrypts the music information CT according to an encryption algorithm E2 using the temporary key VK to generate encrypted music information EncCT, and outputs the encrypted music information EncCT to the encryption/decryption unit 210.

[0044] Here, the encryption/decryption unit 109 uses DES for the encryption algorithm E2.

(11) Data Storage Unit 110

[0045] The data storage unit 110 is equipped with a semiconductor memory, and includes an area to store music information CT.



2.2 Memory Card 20 

[0046] The memory card 20 includes the public key storage unit 201, a random number seed storage unit 202, a random number seed update unit 203, the random number generation unit 204, the decryption unit 205, a separation unit 206, the mutual authentication unit 207, the temporary key generation unit 208, a data storage unit 209, and the encryption/decryption unit 210.

(1) Public Key Storage Unit 201 

[0047] The public key storage unit 201 is equipped with a semiconductor memory, and stores a 56-bit public key UK. The public key UK is registered when the memory card 20 is manufactured.

[0048] The public key storage unit 201 does not allow direct access from outside. Therefore, the public key storage unit 201 is protected from outside access.

(2) Random Number Seed Storage Unit 202

[0049] The random number seed storage unit 202 is equipped with a semiconductor memory, and prestores a 64-bit random number seed. The random number seed is registered when the memory card 20 is manufactured.

[0050] The random number seed storage unit 202 does not allow direct access from outside. In other words, the random number seed storage unit 202 is protected from outside access.

(3) Random Number Generation Unit 204



[0051] The random number generation unit 204 reads the random number seed from the random number seed storage unit 202, generates a 64-bit random number R2 using the random number seed, and outputs the random number R2 to the random number seed update unit 203, the mutual authentication unit 207, and the temporary key generation unit 208. The random number generation unit 204 also outputs the random number R2 to the mutual authentication unit 107 and the temporary key generation unit 108 in the reader/writer apparatus 10.






(4) Random Number Seed Update Unit 203

[0052] The random number seed update unit 203 receives the random number R2 from the random number generation unit 204 and writes the random number R2 over the random number seed stored in the random number seed storage unit 202 as a new random number seed.

(5) Decryption Unit 205 

[0053] The decryption unit 205 reads the public key UK from the public key storage unit 201, and receives the encrypted access information R1 from the encryption unit 105. Next, the decryption unit 205 decrypts the encrypted access information R1 according to a decryption algorithm D1 using the public key UK to obtain the random number access information, and outputs the random number access information to the separation unit 206.

[0054] Here, the decryption unit 205 uses DES for the decryption algorithm D1. The decryption algorithm D1 decrypts a cryptogram which is generated by the encryption algorithm E1.

(6) Separation Unit 206 

[0055] The separation unit 206 receives the random number access information from the decryption unit 205, separates the upper 32 bits of the random number access information as the access information, and outputs the access information to the data storage unit 209.



(7) Mutual Authentication Unit 207

[0056] The mutual authentication unit 207 reads the public key UK from the public key storage unit 201, receives the encrypted access information R1, calculates the response value V2 by evaluating Expression 4 using the encrypted access information R1 and the public key UK, and outputs the response value V2 to the mutual authentication unit 107 in the reader/writer apparatus 10.

(Expression 4) V2=F1(R1,UK)=SHA(R1+UK)

[0057] Here, this function F1 is equal to the function F1 in Expression 1.

[0058] Also, the mutual authentication unit 207 receives the random number R2 from the random number generation unit 204 and calculates the response value V1' by evaluating Expression 5 using the random number R2 and the public key UK.

(Expression 5) V1'=F2(R2,UK)=SHA(R2+UK)

[0059] Here, this function F2 is equal to the function F2 in Expression 2.

[0060] Next, the mutual authentication unit 207 receives the response value V1 from the mutual authentication unit 107 and judges whether the response values V1 and V1' match. When they do not match, the mutual authentication unit 207 judges that the reader/writer apparatus 10 is an unauthorized device and prohibits the other construction elements from executing the subsequent operations. When they match, the mutual authentication unit 207 authenticates the reader/writer apparatus 10 as an authorized device and permits the construction elements to execute the subsequent operations.

(8) Temporary Key Generation Unit 208 

[0061] The temporary key generation unit 208 receives, when the reader/writer apparatus 10 has been authenticated as an authorized device and the operation is permitted, the encrypted access information R1 and the random number R2, and generates a temporary key VK by evaluating Expression 6 using the encrypted access information R1 and the random number R2.

(Expression 6) VK=F3(R1,R2)=SHA(R1+R2) 

[0062] Here, this function F3 is equal to the function F3 in Expression 3.

[0063] The temporary key generation unit 208 then outputs the temporary key VK to the encryption/decryption unit 210.



(9) Data Storage Unit 209 

[0064] The data storage unit 209 is equipped with a semiconductor memory, and includes an area to store music information CT.

(10) Encryption/Decryption Unit 210 

[0065] The encryption/decryption unit 210 receives the temporary key VK from the temporary key generation unit 208.

[0066] The encryption/decryption unit 210 receives the encrypted music information EncCT from the encryption/decryption unit 109, decrypts the encrypted music information EncCT according to a decryption algorithm D2 using the temporary key VK to obtain the music information CT, and writes the music information CT into the area in the data storage unit 209 shown by the access information.

[0067] Here, the encryption/decryption unit 210 uses DES for the decryption algorithm D2. The decryption algorithm D2 decrypts a cryptogram which is generated by the encryption algorithm E2.
[0068] Also, the encryption/decryption unit 210 reads music information CT from the area in the data storage unit 209 shown by the access information, encrypts the music information CT according to an encryption algorithm E3 using the temporary key VK to generate the encrypted music information EncCT, and outputs the encrypted music information EncCT to the encryption/decryption unit 109.
[0069] Here, the encryption/decryption unit 210 uses DES for the encryption algorithm E3. The decryption algorithm D3 decrypts a cryptogram which is generated by the encryption algorithm E3.

3. Operation of the Authentication Communication System 100

(1) Reading Operation

[0070] An operation of the reader/writer apparatus 10 and the memory card 20 which are included in the authentication communication system 100 is explained with reference to FIGs. 4 and 5.
[0071] Here, it is assumed that the reader/writer apparatus 10 is, like the personal stereo shown in FIG. 1(b), an apparatus for reading information stored in a memory card.

[0072] The combination unit 103 reads a random number seed from the random number seed storage unit 102, reads access information from the access information storage unit 101, and combines the access information and the lower 32 bits of the random number seed, to generate random number access information (Step S101). The encryption unit 105 reads the public key UK from the public key storage unit 104, and encrypts the random number access information using the public key UK, to generate encrypted access information R1 (Step S102). The mutual authentication unit 107 calculates V2'=F1(R1,UK) (Step S103). The random number seed update unit 106 writes the encrypted access information R1 over the random number seed stored in the random number seed storage unit 102 as a new random number seed (Step S104).
[0073] The encryption unit 105 outputs the encrypted access information R1 to the memory card 20, and the mutual authentication unit 207 in the memory card 20 receives the encrypted access information R1 (Step S105).

[0074] The mutual authentication unit 207 calculates V2=F1(R1,UK) (Step S106), and outputs the response value V2 to the mutual authentication unit 107 in the reader/writer apparatus 10 (Step S107).
[0075] The mutual authentication unit 107 judges whether the response values V2 and V2' match. When they do not match (Step S108), the mutual authentication unit 107 judges that the memory card 20 is an unauthorized device and cancels the subsequent operations.

[0076] When they match (Step S108), the mutual authentication unit 107 authenticates the memory card 20 as an authorized device. After that, the random number generation unit 204 in the memory card 20 reads a random number seed from the random number seed storage unit 202 and generates a random number R2 using the random number seed (Step S109). The mutual authentication unit 207 calculates V1'=F2(R2,UK) (Step S110). The random number seed update unit 203 writes the random number R2 over the random number seed stored in the random number seed storage unit 202 as a new random number seed (Step S111). Next, the random number generation unit 204 outputs the random number R2 to the mutual authentication unit 107 in the reader/writer apparatus 10, and the mutual authentication unit 107 receives the random number R2 (Step S112). The mutual authentication unit 107 calculates V1=F2(R2,UK) (Step S113) and outputs the response value V1 to the mutual authentication unit 207 of the memory card 20, and the mutual authentication unit 207 receives the response value V1 (Step S114).
[0077] Next, the mutual authentication unit 207 judges whether the response values V1 and V1' match. When they do not match (Step S115), the mutual authentication unit 207 judges that the reader/writer apparatus 10 is an unauthorized device and cancels the subsequent operations.

[0078] When they match (Step S115), the mutual authentication unit 207 authenticates the reader/writer apparatus 10 as an authorized device. After that, the temporary key generation unit 108 in the reader/writer apparatus 10 generates a temporary key VK using the encrypted access information R1 and the random number R2 (Step S121). The decryption unit 205 in the memory card 20 reads the public key UK from the public key storage unit 201 and decrypts the encrypted access information R1 using the public key UK to obtain the random number access information (Step S122). The separation unit 206 separates the access information from the random number access information (Step S123). The temporary key generation unit 208 generates a temporary key VK using the encrypted access information R1 and the random number R2 (Step S124). The encryption/decryption unit 210 reads music information CT from the area in the data storage unit 209 shown by the access information (Step S125). The encryption/decryption unit 210 encrypts the music information CT using the temporary key VK to generate encrypted music information EncCT (Step S126), and outputs the generated encrypted music information EncCT to the encryption/decryption unit 109 in the reader/writer apparatus 10 (Step S127).

[0079] The encryption/decryption unit 109 decrypts the encrypted music information EncCT using the temporary key VK to obtain the music information CT, and writes it into the data storage unit 110 (Step S128). The input/output unit 111 reads the music information CT, converts the read music information CT into an audio signal, and outputs it (Step S129).

(2) Writing Operation 

[0080] Another operation of the reader/writer apparatus 10 and the memory card 20 which are included in the authentication communication system 100 is explained with reference to FIG. 6.
[0081] Here, the explanation is given assuming that the reader/writer apparatus 10 is, like the personal computer shown in FIG. 1(a), an apparatus for writing information into a memory card. Since the reading operation and the writing operation are similar, only the differences are explained.

[0082] A flowchart obtained by replacing Steps S125 to S129 in the flowchart shown in FIGs. 4 and 5 with the steps shown in FIG. 6 illustrates the writing operation of the authentication communication system 100.
[0083] The encryption/decryption unit 109 reads music information CT from the data storage unit 110 (Step S131), encrypts the music information CT using the temporary key VK to generate encrypted music information EncCT (Step S132), and outputs the encrypted music information EncCT to the encryption/decryption unit 210 in the memory card 20, and the encryption/decryption unit 210 receives the encrypted music information EncCT (Step S133).

[0084] The encryption/decryption unit 210 decrypts the encrypted music information EncCT using the temporary key VK to obtain the music information CT (Step S134), and writes the obtained music information CT into the area in the data storage unit 209 shown by the access information (Step S135).
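The reading operation of Steps S101 to S129, modelled end to end with both sides' messages, as an added example; this is not code from the patent, which specifies no implementation. A second run shows the effect stated in paragraph [0009]: when R1 is altered in transit, V2 and V2' no longer match and the reader/writer apparatus stops before the memory card ever extracts access information. The writing operation differs only in that Steps S125 to S129 are replaced by S131 to S135, i.e. the E2/D2 transfer runs in the other direction. Assumptions the page does not make: DES is not in the Python standard library, so a four-round Feistel network with a SHA-1 round function stands in for E1/D1, E2/D2 and E3/D3; the random number generation unit 204 derives R2 by hashing the seed; VK is cut to 56 bits by taking the first 7 bytes of SHA(R1+R2), since the page does not say how the SHA output becomes a DES key; the address is a byte offset and the size a count of 8-byte blocks; UK, the two seeds and the music data are constructed sample values. The "public key" UK is held by both devices and used symmetrically, so in this model, as on the page, whoever holds UK passes both authentication phases.

```python
# Added example, not code from the patent: a model of the reading operation of
# section 3 (1), Steps S101-S129.  A four-round SHA-1 Feistel network stands in
# for DES (E1/D1, E2/D2, E3/D3); R2 is derived by hashing the seed; VK is cut to
# 56 bits (first 7 bytes of SHA(R1+R2)); the address is a byte offset and the
# size a count of 8-byte blocks.  UK, both seeds and the music data are constructed.
import hashlib

MASK32 = (1 << 32) - 1
UK = 0x0123456789ABCD       # constructed 56-bit key UK held by units 104 and 201
MUSIC = bytes(range(64))    # constructed contents of data storage unit 209

def sha(*parts):
    """F1/F2/F3 of Expressions 1-6: '+' is concatenation, then SHA-1."""
    h = hashlib.sha1()
    for p in parts:
        h.update(p.to_bytes(8, "big") if isinstance(p, int) else p)
    return h.digest()

def feistel(key, block, decrypt=False):
    """Stand-in for DES: 64-bit block, four Feistel rounds keyed with `key`."""
    left, right = block >> 32, block & MASK32
    for i in (range(3, -1, -1) if decrypt else range(4)):
        left, right = right, left ^ int.from_bytes(sha(key, i, right)[:4], "big")
    return (right << 32) | left

def pack_access_info(address, size):
    """32-bit access information of FIG. 3: 24-bit address, 8-bit size."""
    if not (0 <= address < 1 << 24 and 0 < size < 1 << 8):
        raise ValueError("address must fit in 24 bits, size in 8 bits")
    return (address << 8) | size

def transfer(vk, data, decrypt=False):
    """E2/D2 and E3/D3 under the temporary key VK, one 8-byte block at a time."""
    blocks = (int.from_bytes(data[i:i + 8], "big") for i in range(0, len(data), 8))
    return b"".join(feistel(vk[:7], b, decrypt).to_bytes(8, "big") for b in blocks)

class ReaderWriter:                      # reader/writer apparatus 10
    def __init__(self, uk, seed):
        self.uk, self.seed = uk, seed
    def challenge(self, access_info):    # Steps S101-S104
        rna = (access_info << 32) | (self.seed & MASK32)  # combination unit 103
        self.r1 = feistel(self.uk, rna)                   # encryption unit 105
        self.v2_expected = sha(self.r1, self.uk)          # Expression 1
        self.seed = self.r1                               # seed update unit 106
        return self.r1
    def verify_card(self, v2):           # Step S108
        if v2 != self.v2_expected:
            raise PermissionError("memory card failed authentication")
    def respond(self, r2):               # Steps S112-S114, Expression 2
        self.r2 = r2
        return sha(r2, self.uk)
    def session_key(self):               # Step S121, Expression 3
        return sha(self.r1, self.r2)

class MemoryCard:                        # memory card 20
    def __init__(self, uk, seed, storage):
        self.uk, self.seed, self.storage = uk, seed, storage
        self.authenticated = False
    def respond(self, r1):               # Steps S105-S107, Expression 4
        self.r1 = r1
        return sha(r1, self.uk)
    def challenge(self):                 # Steps S109-S112
        self.r2 = int.from_bytes(sha(self.seed)[:8], "big")  # generation unit 204
        self.v1_expected = sha(self.r2, self.uk)              # Expression 5
        self.seed = self.r2                                   # seed update unit 203
        return self.r2
    def verify_reader(self, v1):         # Step S115
        if v1 != self.v1_expected:
            raise PermissionError("reader/writer failed authentication")
        self.authenticated = True
    def read(self):                      # Steps S122-S127
        assert self.authenticated
        rna = feistel(self.uk, self.r1, decrypt=True)         # decryption unit 205
        address, size = rna >> 40, (rna >> 32) & 0xFF         # separation unit 206
        vk = sha(self.r1, self.r2)                            # Expression 6
        return transfer(vk, self.storage[address:address + 8 * size])

def run_session(reader, card, access_info, tamper=None):
    """One reading operation; `tamper` models an attacker altering R1 in transit."""
    r1 = reader.challenge(access_info)
    r1 = tamper(r1) if tamper else r1
    reader.verify_card(card.respond(r1))                   # first authentication phase
    card.verify_reader(reader.respond(card.challenge()))   # second authentication phase
    return transfer(reader.session_key(), card.read(), decrypt=True)

def new_pair():
    return ReaderWriter(UK, 0x1122334455667788), MemoryCard(UK, 0x8877665544332211, bytearray(MUSIC))

def demo():
    """Honest run: the reader obtains the 16 bytes at byte offset 16."""
    return run_session(*new_pair(), pack_access_info(address=16, size=2))

def demo_tampered():
    """[0009]: an altered R1 makes V2 differ from V2', so the reader rejects the card."""
    try:
        run_session(*new_pair(), pack_access_info(0, 1), tamper=lambda r1: r1 ^ 1)
    except PermissionError as exc:
        return str(exc)
    return "accepted"
```

`demo()` returns bytes 16 to 31 of the constructed music data, and `demo_tampered()` returns the reader's rejection message. The order of the two phases matters for the tamper case: the reader checks V2 against V2' (Step S108) before R2 is ever generated, so a flipped bit in R1 is caught on the reader side and the card never reaches Steps S122 and S123, which is exactly where the access information would be recovered.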

4. Summary 

[0085] As described above, when mutual authentication is performed, the information for accessing a confidential data storage area storing confidential data is scrambled before it is transferred, so that the confidentiality of the information for accessing the confidential data storage area can be improved.

[0086] If the information for accessing a confidential data storage area is changed into different information and transferred by dishonest impersonation, the mutual authentication does not succeed: the response value V2 is calculated over the encrypted access information R1, so any alteration of R1 in transit yields a response value that does not match V2', and the reader/writer apparatus cancels the subsequent operations. Accordingly, this system can prevent the confidential data storage area from being accessed.
[0087] When a random number is updated, access in- 
formation for accessing a confidential datastorage area 
is not used. Therefore, periodicity of the random number 
can be improved. 

5. Authentication Communication System 100a 

[0088] An authentication communication system 
100a is explained below, as a modification of the au- 
thentication communication system 100. 

5.1 Construction of the Authentication Communication System 100a

[0089] The authentication communication system 100a is, as shown in FIG. 7, roughly composed of a reader/writer apparatus 10a and the memory card 20.
[0090] The memory card 20 is the same as the memory card 20 shown in FIG. 2. So, the explanation of the memory card 20 is omitted here.
[0091] The reader/writer apparatus 10a includes an access information storage unit 101, a random number seed storage unit 102, a combination unit 103, a public key storage unit 104, an encryption unit 105, a random number seed update unit 106, a mutual authentication unit 107, a temporary key generation unit 108, an encryption/decryption unit 109, a data storage unit 110, an input/output unit 111, and a random number generation unit 112.

[0092] The following explanation focuses on the differences from the reader/writer apparatus 10. The other points are the same as those of the reader/writer apparatus 10. So, the explanation of them is omitted here.

(1) Random Number Generation Unit 112 

[0093] The random number generation unit 112 reads a random number seed from the random number seed storage unit 102, generates a 64-bit random number using the random number seed, and outputs the random number to the combination unit 103 and the random number seed update unit 106.

(2) Random Number Seed Update Unit 106 

[0094] The random number seed update unit 106 receives the random number from the random number generation unit 112, and writes the random number over the random number seed stored in the random number seed storage unit 102 as a new random number seed.

(3) Combination Unit 103

[0095] The combination unit 103 receives the random number from the random number generation unit 112, reads the access information from the access information storage unit 101, and combines the random number and the access information, to generate random number access information.

5.2 Operation of the Authentication Communication System 100a

[0096] An operation of the authentication communication system 100a is explained with reference to FIG. 8.

[0097] The random number generation unit 112 reads a random number seed from the random number seed storage unit 102 (Step S201), and generates a 64-bit random number using the random number seed (Step S202). The random number seed update unit 106 receives the random number from the random number generation unit 112, and writes the random number over the random number seed stored in the random number seed storage unit 102 as a new random number seed (Step S203). Next, the combination unit 103 receives the random number from the random number generation unit 112, reads access information from the access information storage unit 101, and combines the random number and the access information, to generate random access information (Step S204).
[0098] It is then followed by Step S102 in FIG. 4. The subsequent steps are the same as those of the authentication communication system 100. So the explanation of them is omitted here.

5.3 Summary 

[0099] As described above, when the random number is updated, access information for accessing a confidential data storage area is not used. Therefore, periodicity of the random number can be improved.



6. Authentication Communication System 100b

[0100] An authentication communication system 100b is explained below, as a modification of the authentication communication system 100a.


6.1 Construction of the Authentication Communication 
System 100b 

[0101] The authentication communication system 100b is, as shown in FIG. 9, roughly composed of a reader/writer apparatus 10b and a memory card 20b.
(1) Construction of the Reader/Writer Apparatus 10b

[0102] The reader/writer apparatus 10b includes an access information storage unit 101, a random number seed storage unit 102, a combination unit 103, a public key storage unit 104, an encryption unit 105, a random number seed update unit 106, a mutual authentication unit 107, a temporary key generation unit 108, a data storage unit 110, an input/output unit 111, a random number generation unit 112, a content key generation unit 113, an encryption unit 114, a content additional information storage unit 115, an encryption/decryption unit 116, and an encryption unit 117.
[0103] The following explanation focuses on the differences from the reader/writer apparatus 10a. The other points are the same as those of the reader/writer apparatus 10a. So, the explanation of them is omitted here.

(a) Input/Output Unit 111 

[0104] The input/output unit 111 accepts input of con- 
tent additional information by a user operation, and 
writes the content additional information into the content 
additional information storage unit 115. 
[0105] Here, content additional information shows, for 
example, the number of times a content has been re- 
produced and length of time the content has been used. 
The content additional information is 8 bits long. 
[0106] The input/output unit 111 also obtains content 
data CD according to a user operation, and writes the 
content data CD into the data storage unit 110. 
[0107] Here, the content data CD is, for example, mu- 
sic content information. 

(b) Random Number Generation Unit 112

[0108] The random number generation unit 112 outputs the random number R3 to the content key generation unit 113.

(c) Content Key Generation Unit 113 

[0109] The content key generation unit 113 reads the content additional information from the content additional information storage unit 115, receives the random number R3 from the random number generation unit 112, and generates a content key CK by evaluating Expression 7 using the random number R3 and the content additional information. Here, the content key CK is 64 bits long.

(Expression 7)
CK = F4(R3, content additional information)
   = content additional information (8 bits long) + the lower 56 bits of R3

[0110] Here, "+" is an operator denoting combination of data and data.

[0111] Next, the content key generation unit 113 outputs the content key CK to the encryption unit 114 and the encryption unit 117.

(d) Encryption Unit 114

[0112] The encryption unit 114 receives the content key CK from the content key generation unit 113, reads the public key UK from the public key storage unit 104, encrypts the content key CK according to an encryption algorithm E4 using the public key UK to generate an encrypted content key EncCK, and outputs the encrypted content key EncCK to the encryption/decryption unit 116.
[0113] Here, the encryption unit 114 uses DES for the encryption algorithm E4.

(e) Encryption/Decryption Unit 116

[0114] The encryption/decryption unit 116 receives the encrypted content key EncCK from the encryption unit 114, encrypts the encrypted content key EncCK according to an encryption algorithm E2 using the temporary key VK to generate a double-encrypted content key Enc(EncCK), and outputs the double-encrypted content key Enc(EncCK) to the encryption/decryption unit 211.
[0115] Here, the encryption/decryption unit 116 uses DES for the encryption algorithm E2.

(f) Encryption Unit 117 

[0116] The encryption unit 117 reads the content data CD from the data storage unit 110 and encrypts the content data CD according to an encryption algorithm E5 using the content key CK to generate encrypted content data EncCD. Then, the encryption unit 117 outputs the encrypted content data EncCD to the data storage unit 213.

[0117] Here, the encryption unit 117 uses DES for the encryption algorithm E5.

(2) Construction of the Memory Card 20b 

[0118] The memory card 20b includes a public key storage unit 201, a random number seed storage unit 202, a random number seed update unit 203, a random number generation unit 204, a decryption unit 205, a separation unit 206, a mutual authentication unit 207, a temporary key generation unit 208, an encryption/decryption unit 211, a key data storage unit 212, and a data storage unit 213.

[0119] The following explanation focuses on the differences from the memory card 20. The other points are the same as those of the memory card 20. So, the explanation of them is omitted.

(a) Temporary Key Generation Unit 208 

[0120] The temporary key generation unit 208 outputs 
the temporary key VK to the encryption/decryption unit 
211. 

(b) Encryption/Decryption Unit 211 

[0121] The encryption/decryption unit 211 receives the temporary key VK from the temporary key generation unit 208 and the double-encrypted content key Enc(EncCK) from the encryption/decryption unit 116.
[0122] Next, the encryption/decryption unit 211 decrypts the double-encrypted content key Enc(EncCK) according to a decryption algorithm D2 using the temporary key VK to obtain the encrypted content key EncCK, and writes the encrypted content key EncCK into an area in the key data storage unit 212 shown by the access information.

(c) Key Data Storage Unit 212 

[0123] The key data storage unit 212 includes an area to store the encrypted content key EncCK.

(d) Data Storage Unit 213 

[0124] The data storage unit 213 receives the en- 
crypted content data EncCD and stores the encrypted 
content data EncCD. 

6.2 Operation of the Authentication Communication 
System 100b 

[0125] An operation of the authentication communication system 100b is similar to that of the authentication communication system 100a. So, only the differences from the authentication communication system 100a are explained here.

[0126] The operation of the authentication communication system 100b is illustrated by a flowchart obtained by replacing steps S121 and onwards in the flowchart showing the operation of the authentication communication system 100a with the flowchart shown in FIG. 10.
[0127] The content key generation unit 113 reads content additional information from the content additional information storage unit 115 (Step S301). The random number generation unit 112 outputs the random number R3 to the content key generation unit 113. The content key generation unit 113 receives the random number R3 from the random number generation unit 112, generates a content key CK using the random number R3 and the content additional information, and outputs the content key CK to the encryption unit 114 and the encryption unit 117 (Step S302). The encryption unit 114 receives the content key CK from the content key generation unit 113, reads the public key UK from the public key storage unit 104, encrypts the content key CK according to an encryption algorithm E4 using the public key UK to generate encrypted content key EncCK, and outputs the encrypted content key EncCK to the encryption/decryption unit 116 (Step S303). Next, the encryption/decryption unit 116 receives the encrypted content key EncCK, encrypts the encrypted content key EncCK according to an encryption algorithm E2 using the temporary key VK, to generate a double-encrypted content key Enc(EncCK) (Step S304). The encryption/decryption unit 116 then outputs the double-encrypted content key Enc(EncCK) to the encryption/decryption unit 211, and the encryption/decryption unit 211 receives the double-encrypted content key Enc(EncCK) (Step S305). The encryption/decryption unit 211 decrypts the double-encrypted content key Enc(EncCK) according to a decryption algorithm D2 using the temporary key VK to obtain the encrypted content key EncCK, and writes the encrypted content key EncCK into the area in the key data storage unit 212 shown by the access information (Step S306).
[0128] The encryption unit 117 reads content data CD from the data storage unit 110 (Step S307) and encrypts the content data CD according to an encryption algorithm E5 using the content key CK, to generate encrypted content data EncCD (Step S308). The encryption unit 117 outputs the encrypted content data EncCD to the data storage unit 213, and the data storage unit 213 receives the encrypted content data EncCD (Step S309). The data storage unit 213 stores the encrypted content data EncCD (Step S310).
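As an added example (not code from the patent), the following Python models Steps S301 to S306 above: the content key is built per Expression 7, wrapped under the public key UK and then under the temporary key VK, and the memory card removes only the VK layer before storing EncCK. The block cipher is an HMAC-based stand-in for the DES the page names for E2, E4 and D2, and every key and value is constructed; the page fixes the field widths but not byte order or any key-wrapping API.

```python
import hashlib
import hmac
from typing import Dict, Tuple

MASK56 = (1 << 56) - 1


def derive_content_key(r3: int, additional_info: int) -> int:
    """Expression 7: CK = content additional information (8 bits) || lower 56 bits of R3.
    Only 56 bits of CK are unpredictable: the 8-bit field (play count, usage time)
    is low-entropy and may be known to anyone who can read the card."""
    if not 0 <= r3 < 1 << 64:
        raise ValueError("R3 is a 64-bit random number")
    if not 0 <= additional_info < 1 << 8:
        raise ValueError("content additional information is 8 bits long")
    return (additional_info << 56) | (r3 & MASK56)


def split_content_key(ck: int) -> Tuple[int, int]:
    """Inverse of Expression 7: (additional information, the 56 bits taken from R3)."""
    return ck >> 56, ck & MASK56


def toy_block_cipher(key: bytes, block: bytes) -> bytes:
    """Stand-in for the 64-bit block cipher the page names for E2, E4 and D2 (DES).
    XORs the block with 8 keystream bytes derived from the key, so the same call
    encrypts and decrypts. A placeholder for showing the layering, not a cipher."""
    if len(block) != 8:
        raise ValueError("E2/E4 operate on one 64-bit block")
    keystream = hmac.new(key, b"toy-block", hashlib.sha256).digest()[:8]
    return bytes(p ^ k for p, k in zip(block, keystream))


def reader_writer_wrap(uk: bytes, vk: bytes, ck: int) -> Tuple[bytes, bytes]:
    """Steps S303-S304: EncCK = E4(UK, CK), then Enc(EncCK) = E2(VK, EncCK)."""
    enc_ck = toy_block_cipher(uk, ck.to_bytes(8, "big"))
    double_enc_ck = toy_block_cipher(vk, enc_ck)
    return enc_ck, double_enc_ck


def memory_card_unwrap(vk: bytes, double_enc_ck: bytes) -> bytes:
    """Steps S305-S306: the card strips only the VK layer (D2) and stores EncCK in the
    area shown by the access information. It never holds CK in the clear; that would
    additionally require the public key UK."""
    return toy_block_cipher(vk, double_enc_ck)


def demo() -> Dict[str, object]:
    """Run S301-S306 on constructed values and report what each side ends up holding."""
    r3 = 0x0123456789ABCDEF                  # constructed 64-bit random number R3
    additional_info = 0x2A                   # constructed 8-bit content additional information
    uk = bytes.fromhex("01020304050607")     # constructed 56-bit public key UK
    vk = bytes.fromhex("a1a2a3a4a5a6a7")     # constructed 56-bit temporary key VK
    ck = derive_content_key(r3, additional_info)              # S302
    enc_ck, double_enc_ck = reader_writer_wrap(uk, vk, ck)    # S303-S304
    stored_enc_ck = memory_card_unwrap(vk, double_enc_ck)     # S305-S306
    return {
        "CK": ck,
        "stored_EncCK_matches": stored_enc_ck == enc_ck,
        "card_holds_CK_in_clear": stored_enc_ck == ck.to_bytes(8, "big"),
        "recovered_with_UK": int.from_bytes(toy_block_cipher(uk, stored_enc_ck), "big") == ck,
    }


if __name__ == "__main__":
    result = demo()
    print(f"CK = {result['CK']:#018x}  (additional info, R3 part) = "
          f"{tuple(hex(x) for x in split_content_key(result['CK']))}")
    for name in ("stored_EncCK_matches", "card_holds_CK_in_clear", "recovered_with_UK"):
        print(f"{name}: {result[name]}")
```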

6.3 Summary 

[0129] As described above, the authentication communication system 100b does not need another random number generation mechanism for generating a content key to encrypt content data. The random number generation mechanism used for combining access information can double as that for generating the content key.

7. Other Modifications 

[0130] Although the present invention has been described based on the above embodiments, the present invention is, of course, not limited to the above embodiments. The following cases are also included in the present invention.

(1) Although a digital copyright work is music information in the above embodiments, it may be character data, such as a novel and a thesis, computer program software for a computer game, compressed audio data represented by MP3 (Moving Picture Experts Group Audio Layer 3), a still picture of JPEG (Joint Photographic Experts Group) format or the like, or a moving picture of MPEG (Moving Picture Experts Group) format or the like.
Also, the reader/writer apparatus is not limited to a personal computer, and may be an output device for selling or distributing the above variety of digital copyright works. Additionally, the reader/writer apparatus is not limited to a personal stereo and may be a reproduction device for reproducing the digital copyright works. For example, it may be a computer game device, a belt-typed information terminal, a dedicated terminal, or a personal computer. The reader/writer apparatus may include both functions of the above output device and reproduction device.

(2) In the above embodiments, DES is used for the encryption/decryption algorithms. However, other ciphers may be used instead.

Also, SHA is used in the above embodiments. However, other one-way functions may be used instead.

Although a public key and a temporary key are 56 bits long, different lengths of keys may be used.

(3) Although the combination unit 103 combines access information and the lower 32 bits of a random number seed to generate 64-bit random access information in the above embodiment, it is not limited to this. It may be done as follows.

The combination unit 103 may combine 32-bit access information and the lower 32 bits of a random number seed so that each bit thereof is alternately arranged, to generate 64-bit random access information.

The combination unit 103 may also combine the 32-bit access information and the lower 32 bits of a random number seed so that groups of bits thereof are alternately arranged. In these cases, the separation unit 206 inversely performs the operation of the combination unit 103.
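The three combination variants described in (3), as an added Python example that is not the patent's own code: plain concatenation as in system 100, single-bit interleaving, and group interleaving, each paired with the inverse the separation unit 206 must apply. The page fixes only the 32-bit widths, so which half or slot the access information occupies in each scheme is an assumption.

```python
import random
from typing import Tuple

MASK32 = (1 << 32) - 1


def combine_concat(access_info: int, rnd_low32: int) -> int:
    """System 100 embodiment: concatenate two 32-bit halves. Upper-half placement
    of the access information is an assumption; the page fixes only the widths."""
    return (access_info << 32) | rnd_low32


def separate_concat(rai: int) -> Tuple[int, int]:
    return rai >> 32, rai & MASK32


def interleave_bits(access_info: int, rnd_low32: int) -> int:
    """Modification (3), first variant: single bits alternately arranged.
    Access-information bit i goes to position 2i+1, random bit i to 2i (assumed order)."""
    out = 0
    for i in range(32):
        out |= ((access_info >> i) & 1) << (2 * i + 1)
        out |= ((rnd_low32 >> i) & 1) << (2 * i)
    return out


def deinterleave_bits(rai: int) -> Tuple[int, int]:
    access_info = rnd_low32 = 0
    for i in range(32):
        access_info |= ((rai >> (2 * i + 1)) & 1) << i
        rnd_low32 |= ((rai >> (2 * i)) & 1) << i
    return access_info, rnd_low32


def interleave_groups(access_info: int, rnd_low32: int, group: int = 8) -> int:
    """Modification (3), second variant: groups of `group` bits alternately arranged
    (8 = alternate bytes). Access-information groups take the upper slot (assumed)."""
    if 32 % group:
        raise ValueError("group width must divide 32")
    gmask = (1 << group) - 1
    out = 0
    for i in range(32 // group):
        ga = (access_info >> (group * i)) & gmask
        gr = (rnd_low32 >> (group * i)) & gmask
        out |= ((ga << group) | gr) << (2 * group * i)
    return out


def deinterleave_groups(rai: int, group: int = 8) -> Tuple[int, int]:
    gmask = (1 << group) - 1
    access_info = rnd_low32 = 0
    for i in range(32 // group):
        pair = (rai >> (2 * group * i)) & ((1 << (2 * group)) - 1)
        access_info |= (pair >> group) << (group * i)
        rnd_low32 |= (pair & gmask) << (group * i)
    return access_info, rnd_low32


# (combine, separate) pairs; separation unit 206 must use the same scheme as unit 103.
SCHEMES = {
    "concat": (combine_concat, separate_concat),
    "bits": (interleave_bits, deinterleave_bits),
    "groups": (interleave_groups, deinterleave_groups),
}


def combination_unit(access_info: int, random_number: int, scheme: str = "concat") -> int:
    """Combination unit 103: 32-bit access information + lower 32 bits of the random
    number (the seed, in system 100) -> 64-bit random access information."""
    if not 0 <= access_info <= MASK32:
        raise ValueError("access information is 32 bits long")
    combine, _ = SCHEMES[scheme]
    return combine(access_info, random_number & MASK32)


def separation_unit(random_access_info: int, scheme: str = "concat") -> Tuple[int, int]:
    """Separation unit 206: inverse of the combination unit for the same scheme."""
    if not 0 <= random_access_info < 1 << 64:
        raise ValueError("random access information is 64 bits long")
    _, separate = SCHEMES[scheme]
    return separate(random_access_info)


def round_trip_ok(scheme: str, trials: int = 1000) -> bool:
    """Both sides agree for many constructed inputs (deterministic RNG seed)."""
    rng = random.Random(7)
    for _ in range(trials):
        access_info, rnd = rng.getrandbits(32), rng.getrandbits(64)
        rai = combination_unit(access_info, rnd, scheme)
        if separation_unit(rai, scheme) != (access_info, rnd & MASK32):
            return False
    return True


if __name__ == "__main__":
    for name in SCHEMES:
        rai = combination_unit(0xDEADBEEF, 0x0123456789ABCDEF, name)
        print(f"{name:>6}: {rai:#018x}  round trip ok: {round_trip_ok(name)}")
```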

(4) Although the random number generation unit 204 in the memory card 20 generates a random number R2 using a random number seed stored in the random number seed storage unit 202 in the above embodiments, the random number generation unit 204 may generate the random number R2 as a random number seed.

Also, although the temporary key generation units 108 and 208 generate a temporary key using the encrypted access information R1 and the random number R2, they may use response values. They may use a public key UK, too.

(5) In the authentication communication system 100b, the encryption unit 117 writes encrypted content data EncCD into the data storage unit 213. However, the encryption unit 117 may treat the encrypted content data EncCD as confidential data and write it into an area shown by access information.

Also, the encryption unit 117 may write the encrypted content data EncCD into the data storage unit 213 without treating it as confidential data.
In addition, either of the encryption units 114 or 117 does not need to be provided, and the remaining encryption unit may double as the other.

(6) The present invention may be the method shown in the above embodiments. Furthermore, the present invention may be a computer program which realizes this method on a computer, and may be a digital signal constituting the computer program.

[0131] Also, the present invention may be a computer-readable storage medium, for example, a floppy disk, a hard disc, a CD-ROM (Compact Disc-Read Only Memory), an MO (Magneto-Optical) disc, a DVD (Digital Versatile Disc), a DVD-ROM, a DVD-RAM, or a semiconductor memory, in which the computer program or the digital signal is stored. Conversely, the present invention may also be the computer program or the digital signal stored in these storage media.
[0132] Moreover, the present invention may be real- 
ized by transmitting the computer program or the digital 
signal via a network, such as an electric communication 
network, a wired or wireless communication network, or 
the Internet. 

[0133] Furthermore, the present invention may be a 
computer system equipped with a microprocessor and 
a memory. The memory stores the computer program, 
and the microprocessor operates in accordance with the 
computer program. 

[0134] The present invention may be implemented on another independent computer system by transferring the computer program or the digital signal stored in any of the storage media, or by transmitting the computer program or the digital signal via the network or the like.

(7) Various combinations of the above embodiments and the above modifications are possible.

INDUSTRIAL APPLICABILITY 

[0135] The present invention can be used for mutual 
authentication between an output device which outputs 
digital copyright works and a semiconductor storage 
medium before duplicating a digital copyright work from 
the output device into the semiconductor storage medi- 
um. In addition, the present invention can be used for 
mutual authentication between a semiconductor stor- 
age medium which stores a digital copyright work and 
a reproduction device before reading the digital copy- 
right work from the semiconductor storage medium and 
reproducing the digital copyright work. 



Claims 

1. An authentication communication system which includes

(a) a storage medium having an area for storing digital information and (b) an access device for reading/writing digital information from/into the area, the authentication communication system comprising:

a first authentication phase in which the access device authenticates whether the storage medium is authorized according to a challenge-response authentication protocol by transmitting scrambled access information generated by scrambling access information which shows the area, to the storage medium;

a second authentication phase in which the storage medium authenticates whether the access device is authorized; and

a transfer phase in which, when the storage medium and the access device have authenticated each other as authorized devices, the storage medium extracts the access information from the scrambled access information, and the access device reads/writes digital information from/into the area shown by the access information.

2. The authentication communication system of Claim 1,

wherein in the first authentication phase, the access device includes:

an access information acquisition unit for acquiring the access information which shows the area;

a random number acquisition unit for acquiring a random number;

a generation unit for generating random number access information by combining the access information and the random number; and

an encryption unit for encrypting the random number access information according to an encryption algorithm, to generate the scrambled access information,

the storage medium includes a response value generation unit for generating a response value from the scrambled access information, and

the access device includes an authentication unit for authenticating whether the storage medium is authorized using the response value.

3. The authentication communication system of Claim 2,

wherein in the transfer phase, the storage medium includes:

a decryption unit for decrypting the scrambled access information according to a decryption algorithm to obtain the random number access information; and

a separation unit for separating the access information from the random number access information.

4. The authentication communication system of Claim 
3, 

wherein in the first authentication phase, 

the access device further includes a random 
number seed storage unit for storing a random 
number seed, and 

the random number acquisition unit acquires 
the random number by reading the random 
number seed from the random number seed 
storage unit. 

5. The authentication communication system of Claim 4,

wherein in the first authentication phase, the 
access device further writes the scrambled access 
information over the random number seed stored in 
the random number seed storage unit, as a new 
random number seed. 

6. The authentication communication system of Claim 3,

wherein in the first authentication phase, 

the access device further includes a random 
number seed storage unit for storing a random 
number seed, and 

the random number acquisition unit acquires 
the random number, by reading the random 
number seed from the random number seed 
storage unit and generating the random 
number based on the random number seed. 

7. The authentication communication system of Claim 
6, 

wherein in the first authentication phase, the 
access device further writes the random number 
over the random number seed stored in the random 
number seed storage unit as a new random number 
seed. 

8. The authentication communication system of Claim 
3, 

wherein in the transfer phase, 

the storage medium, which stores digital infor- 
mation in the area, includes an encryption unit 
for reading the digital information from the area 
shown by the access information and encrypt- 
ing the digital information according to an en- 
cryption algorithm to generate encrypted digital 
information, and 

the access device, which reads the digital information from the area, includes a decryption unit for decrypting the encrypted digital information according to a decryption algorithm to obtain the digital information, the decryption algorithm being an algorithm for decrypting a cryptogram generated according to the encryption algorithm.

9. The authentication communication system of Claim 
3, 

wherein in the transfer phase, 

the access device, which writes digital informa- 
tion into the area, includes: 

a digital information acquisition unit for ac- 
quiring the digital information; and 
an encryption unit for encrypting the digital 
information according to an encryption al- 
gorithm to generate encrypted digital infor- 
mation, and 

the storage medium includes a decryption 
unit for decrypting the encrypted digital in- 
formation according to a decryption algo- 
rithm to obtain the digital information, and 
writing the digital information into the area 
shown by the access information, the de- 
cryption algorithm being an algorithm for 
decrypting a cryptogram generated ac- 
cording to the encryption algorithm. 

10. The authentication communication system of Claim 
3, 

wherein in the transfer phase, 

the access device, which writes digital informa- 
tion into the area, includes: 

a digital information acquisition unit for ac- 
quiring the digital information; 
a content key acquisition unit for acquiring 
a content key; 

a first encryption unit for encrypting the ac- 
quired content key according to a first en- 
cryption algorithm to generate an encrypt- 
ed content key; 

a second encryption unit for encrypting the 
encrypted content key according to a sec- 
ond encryption algorithm to generate a 
double-encrypted content key; and 
a third encryption unit for encrypting the 
digital information according to a second 
encryption algorithm using the content key, 
to generate encrypted digital information, 
the storage medium includes a decryption 
unit for decrypting the double-encrypted 
content key according to a first decryption 
algorithm to obtain the encrypted content 
key, and writing the encrypted content key into the area shown by the access information, and

the storage medium further includes an ar- 
ea for storing the encrypted digital informa- 
tion. 



11. An authentication communication method which includes

(a) a storage medium having an area for storing 
digital information and (b) an access device for 
reading/writing digital information from/into the 
area, the authentication communication meth- 
od comprising: 

a first authentication step in which the ac- 
cess device authenticates whether the 
storage medium is authorized according to 
a challenge-response authentication pro- 
tocol by transmitting scrambled access in- 
formation generated by scrambling access 
information which shows the area, to the 
storage medium; 

a second authentication step in which the 
storage medium authenticates whether the 
access device is authorized; and 
a transfer step in which, when the storage 
medium and the access device have au- 
thenticated each other as authorized de- 
vices, the storage medium extracts the ac- 
cess information from the scrambled ac- 
cess information, and the access device 
reads/writes digital information from/into 
the area shown by the access information. 

12. A computer-readable storage medium which stores 
an authentication communication program for use 
in an authentication communication system (a) 
which includes a storage medium having an area 
for storing digital information and an access device 
for reading/writing digital information from/into the 
area, and (b) in which the digital information is trans- 
ferred after each of the storage medium and the ac- 
cess device authenticates each other as authorized 
devices, the authentication communication pro- 
gram comprising: 

a first authentication step in which the access 
device authenticates whether the storage me- 
dium is authorized according to a challenge-re- 
sponse authentication protocol by transmitting 
scrambled access information generated by 
scrambling access information which shows 
the area, to the storage medium; 
a second authentication step in which the stor- 
age medium authenticates whether the access 
device is authorized; and 
a transfer step in which, when the storage medium and the access device have authenticated each other as authorized devices, the storage medium extracts the access information from the scrambled access information, and the access device reads/writes digital information from/into the area shown by the access information.

13. An access device which is included in the authentication communication system of Claim 1.

14. An access device which is included in the authentication communication system of Claim 2.

15. A storage medium which is included in the authentication communication system of Claim 1.

16. A storage medium which is included in the authentication communication system of Claim 3.
FIG. 5
FIG. 6